PingOne Recognize

Introduction to PingOne Recognize

PingOne Recognize provides four functional capabilities for integration into a workflow:

1. Enrollment

To authenticate users with PingOne Recognize, they must first be enrolled by registering a face.

This can be done in two ways:

  • Live enrollment: PingOne Recognize provides a user interface (UI) to create a biometric template that future authentication attempts are compared to. This captures facial biometrics and device details. Passive liveness technology also checks that the user is a real person.

  • IDV Bridge enrollment: This method is for businesses that already have created a biometric template, typically using a selfie as part of a Know Your Customer (KYC) or Identity Verification (IDV) flow. IDV Bridge uses that template for future authentication attempts. This removes the need for live enrollment while still tying PingOne Recognize authentication to the user’s existing biometric template.

Learn more in Enrollment.

2. Authentication

After users are enrolled, PingOne Recognize can authenticate them at various steps in the user journey. This is done through a UI that confirms the user is the same person who enrolled. With a glance at the camera, the user verifies face and device for multi-factor security and confirms presence using liveness checks.

Typical steps in the user journey include:

  • Login

  • Step-up actions (for example, changing personal data)

  • Payment authentication (using PingOne Recognize Strong Customer Authentication (SCA) and dynamic linking)

Learn more in Authentication.

3. Account recovery

Because PingOne Recognize multi-factor authentication includes device authentication, two options are available to recover devices and accounts.

  • Enrolling a new device: Where the device is not registered through enrollment, PingOne Recognize facial biometrics are typically used in combination with another authentication factor to enroll the new device. Recommended options include a password, SMS one-time passwords (OTPs), or email magic links.

  • Managing multiple enrolled devices: Customers can use the API to retrieve and delete devices that user identities are bound to.

  • Supporting multiple enrolled devices can reduce the impact of losing a device and help simplify account recovery workflows.

Learn more in Account Recovery.

4. Workforce

Using the previous three core components, PingOne Recognize also provides apps, integrations, and wrappers tailored for employee authentication:

  • PingOne Recognize Authenticator app: Enrollment and authentication through app-based push notification.

  • WebSDK: Enrollment and authentication through a web browser (OIDC and SAML wrappers are also available).